The product release comes of the heels of the launch of Oracle’s new financial services software unit last week. The unit sells software developed by Indian banking technology specialist i-flex in which Oracle holds an 81% stake.
GRC relates to the planning, implementation, monitoring, and analysis of internal controls for business operations to ensure compliance with financial transparency regulations. Governance, risk, and compliance management are interrelated terms. Compliance is the means of meeting the requirements of corporate governance, which is the framework for how policies, decisions and standards are made in an organization. Risk management ensures systems and process integrity and safeguards business continuity.
The technical boundaries of what constitutes a GRC investment is often blurred because GRC applies to a wide range of software products including document, email, and records management, business process management, workflow controls automation and monitoring, business rules management, storage and archiving, legal discovery, and business intelligence reporting and analytics.
Nevertheless, industry research confirms that GRC is a hot growth market. IDC pegs GRC software and services as a $20bn market while AMR Research expects spending on GRC initiatives to reach $30bn by the end of 2007, an increase of 9% over last year. Research by Gartner shows that by 2008 75% of large and mid-size firms will buy GRC software.
The core of Oracle GRC for Financial Services is built on the Reveleus’ enterprise risk and compliance software and Mantas’ behavior detection platform that is part of Oracle’s GRC Manager process, content, and access management and GRC analytics suite. Reveleus is a division of Mumbai-based i-flex.
Our View
Companies starting to ramp up their investments in software to support corporate GRC management initiatives now have plenty of choices. Large ERP firms rolled out new and upgraded GRC suites. Business performance management vendors are starting to take a greater interest in GRC, and there are a multitude of smaller GRC specialists that continue to offer niche functionality.
From a competitive perspective, GRC is shaping up to be another battleground in the war between Oracle and SAP for dominance of the enterprise business applications market. Last April SAP signaled its intention to play in the GRC market following its acquisition of Virsa Systems. The company also set up a dedicated GRC business unit in May 2006 and has regrouped its other compliance-related products, such as Global Trade Service and Risk terminator, under the GRC banner.
Oracle is in many ways playing catch-up with SAP, which now boasts over 2,000 GRC customers. Oracle strengthened its only GRC product offering, Internal Controls Manager, in March with new and broader functionality. The acquisition of Stellent added a content management component geared for GRC. Oracle’s BI Suite also offers the necessary analytics, reporting, and dashboarding tools, and Oracle’s i-flex approach now adds an interesting vertical twist to GRC.
Ultimately both Oracle and SAP would like customers to think of GRC not only as tactical departmental standalone applications aimed at Sarbanes-Oxley, but also holistically as part of an integrated compliance-focused suite of products that also pulls in its ERP financials and strategic performance management applications.
As Oracle and SAP jostle for market leadership, IBM also cannot be discounted, and is starting to put together an integrated product-services GRC roadmap. This all points to more consolidation activity and new vendor entrances as demand for GRC suites increases.
